Cisco Intrusion Detection Products May Allow Intrusion
A Cisco security flaw may allow attackers to hack into systems through the intrusion detection system (IDS), Cisco warned Monday in an advisory. An SSL certificate-checking flaw in two Cisco products - CiscoWorks Management Center for IDS Sensors (IDSMC) and Monitoring Center for Security (Secmon) - could allow an attacker to spoof an IDS system and gain access to sensitive data. SSL certificates are used to authenticate Cisco devices and services as they interact with one another.
A successful attacker "may be able to gather login credentials, submit false data to IDSMC and Secmon or filter legitimate data from IDSMC and Secmon, thus impacting the integrity of the device and the reporting capabilities of it," Cisco said. A free software update that corrects the flaw is available from Cisco.
The announcement continues a trend in which security products are emerging as a potential entry point for attackers. Last year the Witty Worm spread rapidly using a security weakness in BlackIce IDS products from Internet Security Systems. Serious security holes have also been discovered in Symantec antivirus products and the ZoneAlarm family of firewalls from Computer Associates, among others.
Digg
Slashdot
Reddit
StumbleUpon
Delicious
Technorati| Rackspace Managed Hosting - Web Hosting - Hosting | Swishmail.com Business Email Hosting | Dedicated Servers - Apollo Hosting |
| INetU Managed Hosting - Dedicated Servers | DataPipe - Personal Touch, Global Reach | Website Hosting - Website Source - Ecommerce, VPS |
| Reseller hosting Managed dedicated server Ahosting | Web Hosting and Reseller Hosting By HostDepartment | Web Hosting UK - VPS Hosting Dedicated Server |
| Web Site Hosting - Network Solutions | Simplicato Email Hosting | |
Advertising on Netcraft